Get the Flash Player to see this video.

Description - See how an attacker can use our recent discovery of File-Upload vulnerability in Gmail-Lite to 0wn the entire box. This is to teach developers how a flaw in web application is evil.In this movie, you should learn: 1) Attacker bypasses Firewall by making victim machine connecting back to him via port 80 2) He bypasses WebServer level restrictions on dangerous APIs such as system, exec ...etc by using backtick operator (`) to execute any commands he wants.